Sign-up

ID

VAR-201310-0474


CVE

CVE-2013-5162


TITLE

iPhone Runs on the device Apple iOS Vulnerabilities that prevent invalid state due to passcode failure in passcode lock

Trust: 0.8

sources: JVNDB: JVNDB-2013-004869

DESCRIPTION

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. There is. Apple iOS for iPhone is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass the time delay for incorrect pass-code attempts. This may aid in other attacks. Versions prior to Apple iOS 7.0.3 are vulnerable. An attacker with access to the device could exploit this vulnerability to bypass the passcode fail disabled state

Trust: 1.98

sources: NVD: CVE-2013-5162 // JVNDB: JVNDB-2013-004869 // BID: 63277 // VULHUB: VHN-65164

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:7.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:7.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:lteversion:7.0.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:7.0.3 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:7.0.2

Trust: 0.6

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

sources: BID: 63277 // JVNDB: JVNDB-2013-004869 // CNNVD: CNNVD-201310-574 // NVD: CVE-2013-5162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5162
value: LOW

Trust: 1.0

NVD: CVE-2013-5162
value: LOW

Trust: 0.8

CNNVD: CNNVD-201310-574
value: LOW

Trust: 0.6

VULHUB: VHN-65164
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5162
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65164
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65164 // JVNDB: JVNDB-2013-004869 // CNNVD: CNNVD-201310-574 // NVD: CVE-2013-5162

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-65164 // JVNDB: JVNDB-2013-004869 // NVD: CVE-2013-5162

THREAT TYPE

local

Trust: 0.9

sources: BID: 63277 // CNNVD: CNNVD-201310-574

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-574

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004869

PATCH
title:APPLE-SA-2013-10-22-1url:http://lists.apple.com/archives/security-announce/2013/Oct/msg00002.html
Trust: 0.8
title:HT6010url:http://support.apple.com/kb/HT6010
Trust: 0.8
title:HT6010url:http://support.apple.com/kb/HT6010?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004869

EXTERNAL IDS
db:NVDid:CVE-2013-5162
Trust: 2.8
db:JVNid:JVNVU95174988
Trust: 0.8
db:JVNDBid:JVNDB-2013-004869
Trust: 0.8
db:CNNVDid:CNNVD-201310-574
Trust: 0.7
db:APPLEid:APPLE-SA-2013-10-22-1
Trust: 0.6
db:BIDid:63277
Trust: 0.4
db:SEEBUGid:SSVID-61064
Trust: 0.1
db:VULHUBid:VHN-65164
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65164 // 
            
            
            
            BID: 63277 // 
            
            
            
            JVNDB: JVNDB-2013-004869 // 
            
            
            
            CNNVD: CNNVD-201310-574 // 
            
            
            
            NVD: CVE-2013-5162

REFERENCES
url:http://lists.apple.com/archives/security-announce/2013/oct/msg00002.html
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5162
Trust: 0.8
url:http://jvn.jp/cert/jvnvu95174988/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5162
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65164 // 
            
            
            
            BID: 63277 // 
            
            
            
            JVNDB: JVNDB-2013-004869 // 
            
            
            
            CNNVD: CNNVD-201310-574 // 
            
            
            
            NVD: CVE-2013-5162

CREDITS
Tomer and Mor
Trust: 0.3
sources:
            
            
            BID: 63277

SOURCES
db:VULHUBid:VHN-65164
db:BIDid:63277
db:JVNDBid:JVNDB-2013-004869
db:CNNVDid:CNNVD-201310-574
db:NVDid:CVE-2013-5162

LAST UPDATE DATE
2025-04-11T22:19:02.721000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65164date:2013-10-24T00:00:00
db:BIDid:63277date:2013-10-22T00:00:00
db:JVNDBid:JVNDB-2013-004869date:2013-10-31T00:00:00
db:CNNVDid:CNNVD-201310-574date:2013-11-08T00:00:00
db:NVDid:CVE-2013-5162date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65164date:2013-10-24T00:00:00
db:BIDid:63277date:2013-10-22T00:00:00
db:JVNDBid:JVNDB-2013-004869date:2013-10-25T00:00:00
db:CNNVDid:CNNVD-201310-574date:2013-10-24T00:00:00
db:NVDid:CVE-2013-5162date:2013-10-24T03:48:48.927